Last updated: April 26, 2026 · Effective: April 26, 2026
The short version: We collect your phone number and payment card when you register at a Tooru-enabled parking facility. We use this solely to open gates and charge you for parking. We never sell your data. Plate images are deleted within 5 seconds of being read.
1. Who We Are
Tooru Technologies ("Tooru," "we," "us," or "our") operates a parking management platform that enables automatic license plate recognition and cashless payment processing at parking facilities. Our platform is operated by parking facility owners ("Operators") who use our technology to manage their locations.
For privacy inquiries, contact us at: privacy@tooru.co
2. Information We Collect
From Drivers (parking facility users)
- Phone number — collected when you enter your number on a keypad at a Tooru-enabled gate. This is your account identifier.
- Name — collected when you complete card registration via our Stripe-powered registration page.
- Payment card details — collected and stored by Stripe (our payment processor). Tooru never stores raw card numbers. We store only a Stripe payment method token.
- Billing address — collected during card registration for payment fraud prevention.
- License plate number — read automatically by our ANPR camera when your vehicle enters or exits. Stored as text in our database linked to your account.
- Plate images — captured momentarily by our camera for license plate recognition. Deleted automatically within 5 seconds of being processed. Not stored long-term.
- Parking session data — entry time, exit time, duration, amount charged, and location.
From Operators (parking facility owners)
- Business name, email, phone number, and billing information
- Parking facility address and configuration details
- Payment information for Stripe Connect payouts
Automatically collected
- Device IP address of our Raspberry Pi controllers (not your personal device)
- System logs for platform reliability and security monitoring
3. How We Use Your Information
- Gate access — your plate number is matched against registered accounts to open the gate automatically
- Payment processing — your card on file is charged automatically when you exit a parking facility
- SMS notifications — we send you transactional messages: welcome confirmation, exit payment request, and receipt. No marketing messages without your explicit consent.
- Account management — to maintain your registration and support requests
- Fraud prevention — billing addresses and payment data are used to detect and prevent fraudulent transactions
- Platform operation — to provide, improve, and troubleshoot our services
4. SMS Communications
By registering at a Tooru-enabled parking facility you consent to receive transactional SMS messages from Tooru, including:
- Registration confirmation and gate opening confirmation
- Exit payment requests with the amount due
- Payment receipts
- Account notifications (e.g. card declined)
Message frequency varies based on your parking activity. Standard message and data rates may apply. To opt out, reply STOP to any message. To get help, reply HELP.
5. How We Share Your Information
We do not sell your personal information. We share data only in these limited circumstances:
- Parking Operators — the facility owner can see your plate number, session history, and session amounts for locations they operate. They cannot see your card details or billing address.
- Stripe — our payment processor. Subject to Stripe's Privacy Policy at stripe.com/privacy.
- Twilio — our SMS provider. Subject to Twilio's Privacy Policy at twilio.com/legal/privacy.
- Supabase — our database provider. Data is encrypted at rest and in transit.
- Legal requirements — if required by law, court order, or governmental authority.
- Business transfer — in the event of a merger or acquisition, your data may transfer to the successor entity.
6. Data Retention
- Plate images — deleted within 5 seconds of recognition
- Plate reads (text log) — retained for 90 days then deleted
- Session records — retained for 7 years for accounting and legal compliance
- Account data — retained while your account is active and for 3 years after deletion request
- Payment records — retained for 7 years as required by financial regulations
7. Your Rights
Depending on your location, you may have the following rights:
- Access — request a copy of your personal data
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and associated data (subject to legal retention requirements)
- Portability — request your data in a portable format
- Opt-out of SMS — reply STOP to any message at any time
To exercise any right, email privacy@tooru.co. We respond within 30 days.
8. Security
- All data is encrypted in transit using TLS 1.3
- All data is encrypted at rest using AES-256
- Payment card data is never stored on Tooru servers — handled entirely by Stripe (PCI DSS Level 1 compliant)
- Plate images are deleted within 5 seconds — we do not build a database of plate images
- Access to production systems is restricted to authorised personnel only
9. Children's Privacy
Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, contact us at privacy@tooru.co.
10. International Data Transfers
Tooru operates in the United States, Canada, and Australia. Your data may be processed in any of these countries. We ensure appropriate safeguards are in place for all international transfers in compliance with applicable privacy laws including PIPEDA (Canada) and the Australian Privacy Act.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via SMS or email. Continued use of Tooru-enabled parking facilities after changes constitutes acceptance of the updated policy.
12. Contact Us
For privacy questions or requests: